Защита RDP от перебора паролей при помощи Mikrotik


Защита RDP от перебора паролей при помощи оборудования Mikrotik

Защита RDP от перебора паролей при помощи оборудования Mikrotik

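    Статья позволяет защитить RDP, если можно изменить уже определённый сканерами порт. В случае, когда порт менять нельзя, есть небольшой рабочий рецепт. Подобное в интернете встречал, но тут присутствуют доработка и тонкая настройка. Принцип работы: каждое новое TCP-соединение на порт 3389 переводит адрес источника в следующий список (rdp_stage1 … rdp_stage12, запись живёт 2 минуты); адрес, уже находящийся в rdp_stage12, при очередном соединении попадает в rdp_blacklist на 4000 минут, и весь его трафик, приходящий на ether1, отбрасывается в таблице raw.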
   Настройка через терминал:
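# Staged rate limiter for new RDP (TCP/3389) connections forwarded by the router.
#
# Every new TCP connection to port 3389 moves its source address one list
# further: rdp_stage1 -> rdp_stage2 -> ... -> rdp_stage12 -> rdp_blacklist.
# Stage entries expire after 2 minutes, so only sources that keep opening
# connections in quick succession climb the whole ladder. A blacklisted
# source stays listed for 4000 minutes and is dropped in the raw table.
#
# The rules are listed from the highest stage down on purpose:
# add-src-to-address-list does not stop rule processing, so with the opposite
# order a single connection would fall through every stage at once.
#
# The router counts connections, not failed logons - it cannot see the
# authentication result. Clients that legitimately reconnect often can be
# blacklisted too; consider an exception for trusted source addresses
# placed above these rules.
#
# NOTE(review): "add" appends to the end of the chain. If an earlier forward
# rule already accepts new connections to 3389, move these rules above it,
# otherwise they never match.
# NOTE(review): the filter rules match on any interface, while the raw drop
# below applies to in-interface=ether1 only - confirm ether1 is the WAN port.
/ip firewall filter

# Source already in rdp_stage12 opens one more connection: blacklist it.
add action=add-src-to-address-list address-list=rdp_blacklist \
    address-list-timeout=4000m chain=forward comment=rdp_to_blacklist \
    connection-state=new dst-port=3389 protocol=tcp \
    src-address-list=rdp_stage12

add action=add-src-to-address-list address-list=rdp_stage12 \
    address-list-timeout=2m chain=forward connection-state=new dst-port=3389 \
    protocol=tcp src-address-list=rdp_stage11

add action=add-src-to-address-list address-list=rdp_stage11 \
    address-list-timeout=2m chain=forward connection-state=new dst-port=3389 \
    protocol=tcp src-address-list=rdp_stage10

add action=add-src-to-address-list address-list=rdp_stage10 \
    address-list-timeout=2m chain=forward connection-state=new dst-port=3389 \
    protocol=tcp src-address-list=rdp_stage9

add action=add-src-to-address-list address-list=rdp_stage9 \
    address-list-timeout=2m chain=forward connection-state=new dst-port=3389 \
    protocol=tcp src-address-list=rdp_stage8

# Fixed: this rule read src-address-list=rdp_stage4, which let a source jump
# from stage 4 straight to stage 8 and left rdp_stage7 unused, so the
# blacklist triggered several connections earlier than the ladder implies.
add action=add-src-to-address-list address-list=rdp_stage8 \
    address-list-timeout=2m chain=forward connection-state=new dst-port=3389 \
    protocol=tcp src-address-list=rdp_stage7

add action=add-src-to-address-list address-list=rdp_stage7 \
    address-list-timeout=2m chain=forward connection-state=new dst-port=3389 \
    protocol=tcp src-address-list=rdp_stage6

add action=add-src-to-address-list address-list=rdp_stage6 \
    address-list-timeout=2m chain=forward connection-state=new dst-port=3389 \
    protocol=tcp src-address-list=rdp_stage5

add action=add-src-to-address-list address-list=rdp_stage5 \
    address-list-timeout=2m chain=forward connection-state=new dst-port=3389 \
    protocol=tcp src-address-list=rdp_stage4

add action=add-src-to-address-list address-list=rdp_stage4 \
    address-list-timeout=2m chain=forward connection-state=new dst-port=3389 \
    protocol=tcp src-address-list=rdp_stage3

add action=add-src-to-address-list address-list=rdp_stage3 \
    address-list-timeout=2m chain=forward connection-state=new dst-port=3389 \
    protocol=tcp src-address-list=rdp_stage2

add action=add-src-to-address-list address-list=rdp_stage2 \
    address-list-timeout=2m chain=forward connection-state=new dst-port=3389 \
    protocol=tcp src-address-list=rdp_stage1

# Entry point: any new connection to 3389 puts the source into rdp_stage1.
add action=add-src-to-address-list address-list=rdp_stage1 \
    address-list-timeout=2m chain=forward connection-state=new dst-port=3389 \
    protocol=tcp

# Drop everything from blacklisted sources before connection tracking.
# This blocks all traffic from the address arriving on ether1, not only RDP.
/ip firewall raw
add action=drop chain=prerouting in-interface=ether1 \
    src-address-list=rdp_blacklist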